We’re excited to announce the beta support for Mesh Manager in the Konnect Terraform Provider — a new tool that brings the power of infrastructure-as-code to Kong’s Service Mesh management platform. This provider enables engineering teams to declaratively manage Konnect Mesh resources using HashiCorp Terraform.
Terraform is an infrastructure-as-code (IaC) tool developed by HashiCorp. It allows users to define and provision data center infrastructure using a declarative configuration language known as HashiCorp Configuration Language (HCL). Terraform enables the safe and efficient building, changing, and versioning of infrastructure across various service providers.
By codifying infrastructure, Terraform allows for consistent and repeatable deployments, reducing the potential for human error and facilitating collaboration among teams.
Terraform relies on plugins called providers to interact with cloud providers, SaaS providers, and other APIs. Each provider is responsible for understanding API interactions and exposing resources and data sources that Terraform can manage. Providers enable Terraform to manage a wide range of infrastructure components, from low-level resources like compute instances and storage to high-level services like DNS entries and SaaS features.
The Mesh Manager support in Konnect Terraform Provider is a new addition to the ecosystem, enabling users to manage Kong Mesh resources declaratively. With this provider, you can codify your mesh infrastructure, making it easier to version, audit, and collaborate on changes. The provider supports the creation and management of Control Planes as well as all mesh resources and policies.
An example of creating a Control Plane, a Mesh, and a MeshTrafficPermission looks like this:
resource "konnect_mesh_control_plane" "my_meshcontrolplane" {
provider = konnect-beta
name = "TF CP"
description = "A control plane created using terraform"
}
resource "konnect_mesh" "default" {
provider = konnect-beta
type = "Mesh"
cp_id = konnect_mesh_control_plane.my_meshcontrolplane.id
name = "default"
skip_creating_initial_policies = [ "*" ]
}
resource "konnect_mesh_traffic_permission" "allow_all" {
provider = konnect-beta
cp_id = konnect_mesh_control_plane.my_meshcontrolplane.id
mesh = konnect_mesh.mesh1.name
type = "MeshTrafficPermission"
name = "allow-all"
spec = {
from = [
{
target_ref = {
kind = "Mesh"
}
default = {
action = "Allow"
}
}
]
}
}Please refer to the getting started guide for a step-by-step tutorial.
Using the import directive, you can import existing resources into your Terraform state like this:
import {
provider = "konnect-beta"
to = konnect_mesh_control_plane.my_meshcontrolplane
id = "c9fd8f76-6460-45fb-9a64-a981d8a512d7"
}For a step-by-step guide, please refer to the documentation.
If you’re using the on-prem version of Kong Mesh, there is a separate provider https://github.com/Kong/terraform-provider-kong-mesh/ (currently in BETA) that is designed especially for that and has the same features for Kong Mesh as the Konnect one.
We welcome your feedback to improve its functionality and stability. If you encounter any issues or have suggestions, please open an issue in the GitHub repository.
Kong Mesh 2.13 delivers full support for Mesh Identity for Kubernetes and Universal mode. Plus, it's been designated as a Long Term Support release, with support for a total of 2 years. But first, what's Kong Mesh for the uninitiated? Built on top
Deploying Kong Mesh on ECS The focus of this blog is to provide step-by-step instructions for deploying and configuring Kong Mesh with Kong Konnect on an AWS ECS instance so that anyone will be able to get pre-production installation of Kong Mesh st
We’re at it again, bringing more incremental improvements to Kong Mesh! Built on top of Kuma, Kong Mesh brings much-needed simplicity and production-grade tooling. Kong Mesh is built for smooth operations with platform teams in mind, providing secu
Managed Redis cache is a turnkey "Shared State" add-on for Kong Dedicated Cloud Gateways. It is designed to combine the performance of an in-memory data store with the simplicity of a SaaS product. When you spin up a Dedicated Cloud Gateway in Kong
With Kong Ingress Controller, when your Control Plane was hosted in Kong Konnect, and you were using Kubernetes Gateway API, your dataplane, routes, and services were in read-only mode. When using Kong Ingress Controller with Kubernetes Gateway API
The Kong MCP Registry acts as a central directory for AI agents and clients to access services that provide context or take action. For AI agents, think of it as a combination of a "Service Catalog" and a "Developer Portal." It offers the metadata,
We've talked about why 2026 is the year of AI unit economics . There, we explored the "2025 hangover" where organizations realized that without financial governance, AI isn't just a science project but has become a margin-bleeding cost center. But